The system must not have 6to4 enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22545 | GEN007780 | SV-38926r1_rule | ECSC-1 | Medium |
| Description |
|---|
| 6to4 is an IPv6 transition mechanism involving tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
| STIG | Date |
|---|---|
| AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2014-10-03 |
Details
| Check Text ( C-37911r1_chk ) |
|---|
| Determine if there are any 6to4 tunnels configured on the system. #ifconfig -a If there are any sit or cit adapters in the ifconfig listing, this is a finding. |
| Fix Text (F-33169r1_fix) |
|---|
| Remove the configuration for any 6to4 tunnels on the system. #ifconfig sit0 detach #rmdev -dl sit0 #ifconfig cit0 detach #rmdev -dl cit0 Set the startup script /etc/rc.net to call autoconf6 with the -6 argument to prevent setting up 6 to 4 tunnels. |